I was doing a 'CVS update' from the IETF LAN, when I got rather nervous
-- there have been active attacks on the wireless LAN there in the
past. I switched my CVS access to use ssh, but I ran into another
issue: I have no way of knowing that I got to the right place, because
I don't know what the key fingerprints should be. It would be nice if
the repositories would publish the fingerprints for all of their SSH
public keys.
--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com